SiegeForge

Privacy Policy

Last updated May 31, 2026

1. Who we are

SiegeForge (“we”, “us”) is a Summoners War guild siege analytics service operated by Laragod. You can reach the data controller at privacy@siegeforge.app. If you are an EU resident, your supervisory authority in Poland is the UODO.

2. What we collect

2.1 When you register

  • Email address, display name, password (hashed with bcrypt).
  • If you sign in with a social provider: the provider (Steam, Discord), the provider’s subject ID, and your display name on that provider. We never see your password for those services.
  • If you enable two-factor authentication: an encrypted TOTP secret and recovery codes.
  • Basic session metadata (IP address, user-agent, timestamps) in our server logs for security and abuse monitoring.

2.2 When you buy credits or subscribe

  • Stripe customer ID, subscription state, invoice metadata. We do not store card numbers — Stripe does.
  • We receive Stripe webhook events describing your payments.

2.3 When you install the SiegeForge SWEX plugin

The SWEX plugin runs on your PC and captures game traffic between your phone and Com2Us. When you enable it and link your guild, it forwards specific events to our servers over HTTPS. Depending on which toggles you enable, we receive:

  • Your in-game identity: your wizard_id and wizard_name, the guild you’re currently in, and your server region.
  • Your roster (if “Send my battles & monster box” is on): your monsters, runes, artifacts, storage, decks, arena/RTA team setups. We archive a filtered copy (~2 MB) of the HubUserLogin snapshot so you — and your guild leaders — can view and download it. Details of the filter live in the plugin source.
  • Siege battle data (if “Send guild siege data” is on): siege battle logs, defense compositions, tower assignments, season rankings, attack results. These records also contain your opponents’ wizard_id and wizard_name and their defense teams — see section 5 below.

Both toggles are enabled by default and can be changed at any time in the SWEX plugin settings. Turning both off leaves you with an account but no ingest — you can still use free features that rely on other guilds’ data.

3. Why we process it (lawful bases)

Purpose Lawful basis
Create and operate your accountContract (Art. 6(1)(b))
Deliver guild analytics and AI recommendations to your guildContract
Process credit purchases and subscriptionsContract & legal obligation (tax/accounting)
Collect opponent wizard_id/wizard_name inside siege logs so recommendations can reference specific defensesLegitimate interest (Art. 6(1)(f))
Contribute your data to the anonymous shared ML training poolConsent (Art. 6(1)(a)) — via the opt-in toggle at signup and at the guild level
Security, fraud, and abuse preventionLegitimate interest

4. Who we share it with (sub-processors)

  • Stripe — payment processing, subscriptions. stripe.com/privacy
  • Our hosting provider — operates the servers where this service and your data live. Data is stored in the EU where possible.
  • Social login providers (Steam, Discord) — only used at the moment you click “Sign in with …”. We don’t push data back to them.

We don’t sell your data. We don’t run ad trackers. Where a sub-processor is outside the EU (e.g. Stripe in the US), transfers rely on Standard Contractual Clauses.

5. Third-party in-game identifiers in siege logs

Siege battles are between two guilds. When you or a guildmate uploads a siege log, it inevitably contains the opponent guild’s wizard identifiers and their defense team compositions — that’s the thing the log is. We process this data on the basis of legitimate interest: without it, we can’t deliver the core product.

We limit what we keep to what’s needed for analytics and model training, we don’t market to these identifiers, and we don’t expose them to anyone outside the guilds they’re relevant to. If you appear in our database as an opponent and want your identifiers removed or pseudonymised, email privacy@siegeforge.app with your wizard_id and we’ll handle it within 30 days.

6. How long we keep it

  • Account: until you ask to delete it, then removed within 30 days.
  • Roster snapshot: one per (member, guild). Overwritten on each SWEX push, deleted when you delete your account.
  • Siege battle logs: retained while the guild is active. When a participant deletes their account, their wizard_id/wizard_name in historic battles are pseudonymised, not hard-deleted, so that guild-level analytics stay coherent.
  • Payment records: retained for 5 years after the end of the fiscal year as required by Polish accounting law.
  • Server logs: rotated and retained for up to 90 days for security purposes.

7. Your rights

Under GDPR you can:

  • Request a copy of your data (Art. 15 & 20).
  • Ask us to correct inaccurate data (Art. 16).
  • Ask us to delete your account and associated data (Art. 17).
  • Withdraw any consent you’ve given — for example, turning off the shared training pool toggle.
  • Object to processing based on legitimate interest (Art. 21).
  • Lodge a complaint with UODO or your own EU supervisory authority.

Export and deletion are available inside your account. If anything is broken, email privacy@siegeforge.app and we’ll respond within 30 days.

8. Security

All traffic is encrypted with TLS. Passwords are hashed with bcrypt. API keys for the SWEX plugin are stored as salted HMAC-SHA-256 hashes — we never store the raw key after it’s shown once. You can enable two-factor authentication in your account settings.

9. Children

SiegeForge is not intended for users under 16. If you believe a minor has created an account, email us and we’ll delete it.

10. Changes

We’ll update this page when processing materially changes. The “last updated” date at the top reflects the most recent revision. Significant changes will be communicated by email and in-app.

← Back to home Terms of Service →